DBMentors is a solution oriented group, started by a team of qualified and committed professionals with vast experience in IT industry. The team has in-depth technical and design expertise with highest standards of programming quality.

Note: All the posts are based on practical approach avoiding lengthy theory. All have been tested on some development servers. Please don’t test any post on production servers until you are sure.

Sunday, December 19, 2010

Password protected listener

Listener Intro:

The Oracle Database Listener is the database server software component that manages the network traffic between the Oracle Database and the client. The Oracle Database Listener listens on a specific network port (default 1521) and forwards network connections to the Database. The Listener is comprised of two binaries: (1) tnslsnr which is the Listener itself and (2) the Listener Control Utility (lsnrctl) which is used to administer the Listener on the server or remotely.

The "Database" mode is the most widely used mode and is the standard mode used by every database for connectivity. "PLSExtProc" allows PL/SQL database packages to access external programs and is configured by default for many instances. "Executable" mode allows an external program to be defined and accessed through a TNS connection. There is little documentation on this mode, and it is almost exclusively used by Oracle products, such as the Oracle E-Business Suite and Oracle Collaboration Suite.

Protect

In Oracle 10g and newer versions of the listener, the listener is secure out of the box. There should be no need to set a listener password to prohibit privileged LSNRCTL commands from being executed.

But if you want to manage the listener remotely, you can use the following configuration.

C:\Documents and Settings\inam>lsnrctl

LSNRCTL for 32-bit Windows: Version 10.2.0.1.0 - Production on 19-DEC-2010 12:36:20

Copyright (c) 1991, 2005, Oracle. All rights reserved.

Welcome to LSNRCTL, type "help" for information.

LSNRCTL> set current_listener lsnrfradb
Current Listener is lsnrfradb
LSNRCTL>

PASSWORDS_LSNRFRADB= (oracle) ## there should not be any space before PASSWORDS_LSNRFRADB

####################################################

2-Encrypted Password

LSNRCTL> set current_listener lsnrfradb
Current Listener is lsnrfradb
LSNRCTL> set save_config_on_stop on
Connecting to (ADDRESS=(PROTOCOL=TCP)(HOST=or1.domain)(PORT=1621))
lsnrfradb parameter "save_config_on_stop" set to ON
The command completed successfully

LSNRCTL> change_password
Old password:
New password:
Reenter new password:
Connecting to (ADDRESS=(PROTOCOL=TCP)(HOST=or1)(PORT=1621))
Password changed for lsnrfradb
The command completed successfully

Just press Enter for the old password, since no previous password is set. The passwords you enter will not be echoed.

(iv) Stop the listener

LSNRCTL> set password
Password:
The command completed successfully

(v) Check your listener.ora file
Entries similar to the following should have been added to your listener.ora automatically.
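
To check a listener.ora after these steps, the following added example (not code from the original post) reports any PASSWORDS_<listener> entry that is still in clear text or has whitespace before the parameter name. It assumes the encrypted value written by change_password is 16 hexadecimal characters; the function name and the sample file contents are constructed for illustration.

```python
import re

# Assumption: change_password stores the password as 16 hex characters.
# A clear-text password that happens to look like that is not detected.
ENCRYPTED = re.compile(r"^[0-9A-Fa-f]{16}$")
ENTRY = re.compile(r"^(\s*)PASSWORDS_(\w+)\s*=\s*\(?\s*([^)\s#]*)\s*\)?",
                   re.IGNORECASE)

def audit_listener_ora(text):
    """Return one finding per PASSWORDS_<listener> entry in listener.ora text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # comment line
        m = ENTRY.match(line)
        if not m:
            continue
        indent, listener, value = m.groups()
        issues = []
        if indent:
            # The post notes there must be no space before the parameter name.
            issues.append("leading whitespace before parameter name")
        if not value:
            issues.append("empty password")
        elif not ENCRYPTED.match(value):
            issues.append("password stored in clear text")
        findings.append({"line": lineno, "listener": listener.upper(),
                         "issues": issues})
    return findings

# Constructed sample, not taken from a real server.
SAMPLE = """\
# listener.ora (constructed sample)
PASSWORDS_LSNRFRADB= (oracle)
 PASSWORDS_LSNRTEST = (secret)
# entries below are in the form written after change_password (constructed)
PASSWORDS_LSNRPROD = 0123456789ABCDEF
SAVE_CONFIG_ON_STOP_LSNRPROD = ON
"""

if __name__ == "__main__":
    for f in audit_listener_ora(SAMPLE):
        status = "; ".join(f["issues"]) or "ok (encrypted form)"
        print(f"line {f['line']}: {f['listener']}: {status}")
```
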

Test on some other node

My Node: 192.168.2.81

C:\Documents and Settings\inam>lsnrctl

LSNRCTL for 32-bit Windows: Version 10.2.0.1.0 - Production on 19-DEC-2010 13:05:47

Copyright (c) 1991, 2005, Oracle. All rights reserved.

Welcome to LSNRCTL, type "help" for information.

LSNRCTL> set current_listener 10.10.2.46:1621
Current Listener is 10.10.2.46:1621
LSNRCTL> status
Connecting to (DESCRIPTION=(CONNECT_DATA=(SERVICE_NAME=10.10.2.46))(ADDRESS=(PROTOCOL=TCP)(HOST=10.10.2.46)(PORT=1621)))

TNS-01169: The listener has not recognized the password
TNS-01189: The listener could not authenticate the user
LSNRCTL> set current_listener 10.10.2.46:1621
Current Listener is 10.10.2.46:1621
LSNRCTL> set password oracle
The command completed successfully
LSNRCTL> status
Connecting to (DESCRIPTION=(CONNECT_DATA=(SERVICE_NAME=10.10.2.46))(ADDRESS=(PROTOCOL=TCP)(HOST=10.10.2.46)(PORT=1621)))